diff --git a/app/resources/locales/en_US/default.po b/app/resources/locales/en_US/default.po index 4893d51d8..26730c74e 100644 --- a/app/resources/locales/en_US/default.po +++ b/app/resources/locales/en_US/default.po @@ -294,6 +294,9 @@ msgstr "Incorrect arguments provided to {0}" msgid "match.er.attr.req" msgstr "Required attribute {0} not found in request" +msgid "match.er.attrmap.unknown" +msgstr "Unknown Attribute Map {0}" + msgid "match.er.bl.line" msgstr "Error at line {0}: {1}" @@ -354,6 +357,9 @@ msgstr "A Matchgrid with table name {0} already exists" msgid "match.er.mg.notfound" msgstr "Matchgrid table not found, was the Matchgrid built? ({0})" +msgid "match.er.mg.rename" +msgstr "A Matchgrid cannot be renamed" + msgid "match.er.mgid" msgstr "Could not find Matchgrid ID in request" diff --git a/app/src/Controller/AttributeMappingsController.php b/app/src/Controller/AttributeMappingsController.php index 65eda7c60..4cbd9ce99 100644 --- a/app/src/Controller/AttributeMappingsController.php +++ b/app/src/Controller/AttributeMappingsController.php @@ -50,7 +50,7 @@ public function install() { $this->Flash->success(__('match.rs.AttributeMappings.install')); } - catch(Exception $e) { + catch(\Exception $e) { $this->Flash->error($e->getMessage()); } diff --git a/app/src/Model/Table/AttributeMappingsTable.php b/app/src/Model/Table/AttributeMappingsTable.php index 26c85f8fb..ccb31867f 100644 --- a/app/src/Model/Table/AttributeMappingsTable.php +++ b/app/src/Model/Table/AttributeMappingsTable.php 
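Review bot: In the `catch(\Exception $e)` branch of install() in AttributeMappingsController.php, the raw `$e->getMessage()` is passed to `Flash->error()` for every exception type. Now that the class name resolves correctly, unexpected failures (for example file or database errors) will also show their internal message in the UI. Consider catching the expected types explicitly, e.g. `catch(\InvalidArgumentException | \RuntimeException $e) {`, and logging anything else while showing a generic message. install() starts and ends outside the hunk, so any further handling is not visible here.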
@@ -62,10 +62,15 @@ public function initialize(array $config): void { * * @param int $attributeMapId Attribute Map ID to install into * @param string $mapping Mapping to install, currently only "nicknames.en" is supported + * @throws \InvalidArgumentException * @throws \RuntimeException */ public function install(int $attributeMapId, string $mapping) { + if($mapping != 'nicknames.en') { + throw new \InvalidArgumentException(__('match.er.attrmap.unknown', $mapping)); + } + // For now, we assume this is the CSV file from this project: // https://github.com/carltonnorthern/nickname-and-diminutive-names-lookup $infile = fopen(ROOT . DS . "vendor" . DS . "nicknames" . DS . "names.csv", "r"); diff --git a/app/src/Model/Table/MatchgridsTable.php b/app/src/Model/Table/MatchgridsTable.php index 83c63ec04..c8ad0a8c4 100644 --- a/app/src/Model/Table/MatchgridsTable.php +++ b/app/src/Model/Table/MatchgridsTable.php @@ -162,6 +162,12 @@ public function buildRules(RulesChecker $rules): RulesChecker { 'isActive', ['errorField' => 'status']); + // The Matchgrid table name cannot be changed once created. For a discussion of + // the complexities of renaming a Matchgrid, see CO-2441. + $rules->addUpdate([$this, 'ruleMatchgridRenamed'], + 'matchgridRenamed', + ['errorField' => 'table_name']); + return $rules; } @@ -277,6 +283,24 @@ public function ruleIsUnique($entity, array $options): bool|string { return true; } + + /** + * Application Rule to determine if the Matchgrid is being renamed. + * + * @param Entity $entity Entity to be validated + * @param array $options Application rule options + * + * @return bool|string true if the Rule check passes, false otherwise + * @since COmanage Match v1.2.2 + */ + + public function ruleMatchgridRenamed($entity, array $options): bool|string { + if($entity->isDirty('table_name')) { + return __('match.er.mg.rename'); + } + + return true; + } /** * Determine if the Matchgrid table exists. 
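Review bot: The new allowlist guard at the top of AttributeMappingsTable::install() uses loose comparison, `$mapping != 'nicknames.en'`. Writing it as `if($mapping !== 'nicknames.en') {` states the intent exactly and does not depend on PHP's comparison rules. The rejected `$mapping` value is also placed into the exception message, which the controller hands to `Flash->error()`; that is safe only if the flash element escapes its message, which is presumably the case but is not visible in this diff. The body of install() continues past the hunk.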
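Review bot: The docblock on ruleMatchgridRenamed() says the method returns false when the check fails, but it returns the `match.er.mg.rename` message string in that case. The line should read `@return bool|string true if the Rule check passes, otherwise an error message`. Separately, `isDirty('table_name')` reports that the field was assigned, which may not always mean the value differs. Comparing against `$entity->getOriginal('table_name')` would make the rule independent of how the entity was patched; worth confirming against the framework version in use.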
diff --git a/app/templates/Matchgrids/columns.inc b/app/templates/Matchgrids/columns.inc index c001f7bee..e4cfd69ae 100644 --- a/app/templates/Matchgrids/columns.inc +++ b/app/templates/Matchgrids/columns.inc @@ -30,6 +30,9 @@ $indexColumns = [ 'type' => 'link', 'cssClass' => 'row-link' ], + 'description' => [ + 'type' => 'echo' + ], 'status' => [ 'type' => 'enum', 'class' => 'StatusEnum' diff --git a/app/templates/email/text/potential_match.php b/app/templates/email/text/potential_match.php index 83641abce..64eee3ccf 100644 --- a/app/templates/email/text/potential_match.php +++ b/app/templates/email/text/potential_match.php @@ -30,7 +30,7 @@ <?php if(is_readable($localTemplate)): ?> <?php include($localTemplate); ?> <?php else: ?> -?> + A new potential match is available for your review. You may access the pending request at this URL: diff --git a/app/templates/layout/default.php b/app/templates/layout/default.php index 8a8628603..1097c650b 100644 --- a/app/templates/layout/default.php +++ b/app/templates/layout/default.php @@ -31,6 +31,7 @@ header("Expires: Thursday, 10-Jan-69 00:00:00 GMT"); header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate"); header("Pragma: no-cache"); +header("Content-Security-Policy: frame-ancestors 'self'"); // Add X-UA-Compatible header for IE if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) { diff --git a/app/templates/layout/error.php b/app/templates/layout/error.php index 747ad0331..5c0630f3a 100644 --- a/app/templates/layout/error.php +++ b/app/templates/layout/error.php @@ -12,6 +12,8 @@ * @since 0.10.0 * @license https://opensource.org/licenses/mit-license.php MIT License */ + + header("Content-Security-Policy: frame-ancestors 'self'"); ?> <!DOCTYPE html> <html> diff --git a/app/webroot/.htaccess b/app/webroot/.htaccess index f5f2d631c..4e3b1921b 100644 --- a/app/webroot/.htaccess +++ b/app/webroot/.htaccess 
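Review bot: The new `'description'` entry in `$indexColumns` uses `'type' => 'echo'`, and a description is presumably free text, so it matters whether the index view HTML-escapes values of that type. The rendering code is not part of this diff. If 'echo' prints the value as-is, the column should be escaped at output (for example with `h()`) before this ships. The `$indexColumns` array starts and ends outside the hunk.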
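Review bot: The `Content-Security-Policy: frame-ancestors 'self'` header added in layout/default.php (and again in layout/error.php) is sent only for responses rendered through those two layouts, so any response that bypasses them goes out without it. Setting the header once in middleware or in the web server configuration would cover every response and remove the duplicated line. The lines just below in default.php still special-case MSIE, which does not implement `frame-ancestors`. Adding `header("X-Frame-Options: SAMEORIGIN");` next to the new header keeps the same framing restriction for such legacy browsers.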
@@ -3,3 +3,7 @@ RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] </IfModule> + +<IfModule mod_autoindex.c> + Options -Indexes +</IfModule> \ No newline at end of file diff --git a/container/match/base/Dockerfile b/container/match/base/Dockerfile index 74a703c2e..11e6d2257 100644 --- a/container/match/base/Dockerfile +++ b/container/match/base/Dockerfile @@ -16,7 +16,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -ARG PHP_IMAGE_VERSION=8.1.23 +ARG PHP_IMAGE_VERSION=8.1.27 FROM php:${PHP_IMAGE_VERSION}-apache-bullseye # Official PHP image with Apache HTTPD includes diff --git a/container/match/base/comanage_utils.sh b/container/match/base/comanage_utils.sh index 6252e75c4..b3ca84871 100644 --- a/container/match/base/comanage_utils.sh +++ b/container/match/base/comanage_utils.sh @@ -87,6 +87,7 @@ function comanage_utils::consume_injected_environment() { COMANAGE_MATCH_SECURITY_SALT COMANAGE_MATCH_PHP_SESSION_REDIS_URL COMANAGE_MATCH_SKIP_SETUP + COMANAGE_MATCH_SKIP_UPGRADE COMANAGE_MATCH_SLASH_ROOT_DIRECTORY COMANAGE_MATCH_VIRTUAL_HOST_FQDN COMANAGE_MATCH_VIRTUAL_HOST_REDIRECT_HTTP_NO 
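Review bot: `Options -Indexes` in app/webroot/.htaccess takes effect only when the server's `AllowOverride` setting permits `Options` for this directory. Where overrides are disabled the file is ignored and listings stay as configured, and where `Options` is not among the allowed overrides Apache rejects the request with a server error. Since the project ships its own container image, also setting `Options -Indexes` in the virtual host's `<Directory>` block would make the hardening independent of the override setting. The file also still ends without a trailing newline.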
@@ -734,6 +735,56 @@ function comanage_utils::match_setup() { fi } +########################################## +# Run COmanage Match upgradeVersion shell command +# Globals: +# COMANAGE_MATCH_DATABASE_SCHEMA_FORCE +# COMANAGE_MATCH_DATABASE_SKIP_UPGRADE +# COMANAGE_MATCH_DIR +# OUTPUT +# Arguments: +# None +# Returns: +# None +########################################## +function comanage_utils::match_upgrade() { + + if [[ -n "${COMANAGE_MATCH_SKIP_UPGRADE}" ]]; then + echo "Skipping upgrade step" > "$OUTPUT" 2>&1 + return 0 + fi + + # We always run upgradeVersion since it will not make any changes + # if the current and target versions are the same or if + # an upgrade from the current to the target version is not allowed. + + # First clear the caches. + comanage_utils::match_clear_cache + + pushd "$COMANAGE_MATCH_DIR/app" > "$OUTPUT" 2>&1 + echo "Running ./bin/cake upgradeVersion..." > "$OUTPUT" + ./bin/cake upgradeVersion > "$OUTPUT" 2>&1 + echo "Done running ./bin/cake upgradeVersion" > "$OUTPUT" + echo "You may ignore errors reported above if the Current and Target versions are the same" > "$OUTPUT" + popd > "$OUTPUT" 2>&1 + + # Force a datbase update if requested. This is helpful when deploying + # a new version of the code that does not result in a change in the + # version number and so upgradeVersion does not fire. An example + # of this scenario is when new code is introduced in the develop + # branch but before a release happens. + if [ -n "$COMANAGE_MATCH_DATABASE_SCHEMA_FORCE" ]; then + echo "Forcing a database schema update..." > "$OUTPUT" + pushd "$COMANAGE_MATCH_DIR/app" > "$OUTPUT" 2>&1 + ./bin/cake database > "$OUTPUT" 2>&1 + echo "Done forcing database schema update" > "$OUTPUT" + popd > "$OUTPUT" 2>&1 + fi + + # Clear the caches again. + comanage_utils::match_clear_cache +} + ########################################## # Set tmp directory file ownership # Globals: 
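Review bot: The header comment of comanage_utils::match_upgrade lists `COMANAGE_MATCH_DATABASE_SKIP_UPGRADE` under Globals, but the code tests `COMANAGE_MATCH_SKIP_UPGRADE`, so the comment should name that variable; "datbase" in the later comment is a typo. Neither `pushd` is checked, so if `$COMANAGE_MATCH_DIR/app` is missing, `./bin/cake` is resolved relative to whatever directory the script is in. Using `pushd "$COMANAGE_MATCH_DIR/app" > "$OUTPUT" 2>&1 || return 1` avoids that. The exit status of `./bin/cake upgradeVersion` is also discarded, and the forced schema update and second cache clear run regardless. Capturing the status and logging a distinct failure line would let operators tell a real failure from the "same version" case the echo message refers to.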
diff --git a/container/shibboleth-sp-base/Dockerfile b/container/shibboleth-sp-base/Dockerfile index 8fff953cb..5a6c2fb54 100644 --- a/container/shibboleth-sp-base/Dockerfile +++ b/container/shibboleth-sp-base/Dockerfile @@ -22,7 +22,7 @@ ARG LOG4SHIB_VERSION ENV LOG4SHIB_VERSION=${LOG4SHIB_VERSION:-2.0.1} ARG XERCESC_VERSION -ENV XERCESC_VERSION=${XERCESC_VERSION:-3.2.4} +ENV XERCESC_VERSION=${XERCESC_VERSION:-3.2.5} ARG XMLSECC_VERSION ENV XMLSECC_VERSION=${XMLSECC_VERSION:-2.0.4}